By now you’ve heard about the hacker who recently exposed a major flaw in VTech’s servers, compromising the data of 4.8 million parents and children who used the toy manufacturer’s electronic learning devices.
The hacker, who chose to remain anonymous, says he has no intention of publishing or selling the data, adding that he was sickened that he could so easily access the data. The breach affected a database for VTech’s Learning Lodge app store, an online service that connects to many of the company’s devices, and included photos of children and parents, email addresses, names, passwords, gender, birth dates, etc. The customer data came from users in the U.S., Canada, U.K., Ireland, France, Germany, Spain, Belgium, the Netherlands, Denmark, Luxembourg, Hong Kong, China, Australia, New Zealand and Latin America.
It’s clear that VTech was negligent in their security, transferring data without using protective security protocols, storing data in plaintext (which means anyone could read it if they gained access to the servers), and storing passwords with insecure technology. However, this is not the first time kids tech has been highlighted as insecure and it’s raised serious questions about the lack of privacy involved with many children’s connected toys. Until privacy issues are addressed properly, many privacy experts are advising parents to simply stay away from these toys.
It’s true that data breaches are becoming pretty regular, but the situation is worse when the data compromised belongs to your child. Identity theft can happen just as easily to children as it does to adults – in fact, if someone steals your child’s identity, it could go undetected for many years because most parent’s don’t monitor their child’s credit. If you think your data may have been compromised in the VTech breach, or in any other data breach, check with the website Have I Been Pwned?. The website collects the information released publicly by hackers and sifts through these data dumps to find email addresses of affected individuals. It collects these into a searchable database that you can use to see if your accounts have been impacted.
You may be considering some connected toys for your child or they may already have these. If so, here are a few tips to help ensure your child’s privacy is protected:
- Be aware that the more Internet-connected devices your child has, the easier it is for hackers to access your child’s information. It might be worthwhile considering a second-hand smartphone. You can download data protection mechanisms to most smartphones, in fact many already come with data protection software.
- Check the privacy policies to see what you’re agreeing to and what the toy manufacturer plans on doing with the data collected. Are you comfortable with a company that says it will use, store, analyse or review your child’s data?
- Don’t use the same password for more than one site. Create passwords that are more than 12 characters long, contain numbers, letters, upper and lower case letters.
- Be aware of the information you’re sharing. If you’re creating a profile for your child online, there’s no harm in using false information.
Remember that what gets on the Internet, stays on the Internet – so the information you share about your child could impact their lives when they get older. If you regularly share photos of your child on social media, follow our tips to make sure you’re protecting their privacy.